The item to he cleared is a medium-fidelity software simulation model of a vented 
cryogenic tank. Such tanks are commonly used to transport cryogenic liquids such as 
liquid oxygen via truck, and have appeared on liquid-fueled rockets for decades. 

This simulation model works with the HCC simulation system that was developed by 
Xerox PARC and NASA Ames Research Center. HCC has been previously cleared for 
distribution. 

When used with the HCC software, the model generates simulated readings for the tank 
pressure and temperature as the simulated cryogenic liquid boils off and is vented. 
Failures (such as a broken vent valve) can be injected into the simulation to produce 
readings corresponding to the failure. 

Release of this simulation will allow researchers to test their software diagnosis systems 
by attempting to diagnose the simulated failure from the simulated readings. 

This model does not contain any encryption software nor can it perform any control tasks 
that might be export controlled. 



Th i :y ;r-*in :'jiu : jr ; of t Liqui.1 oxygen tank wirh i pneumat io..i L Ly 
:onr £.-• 5 L led vent valve. Aj the temp cxygen boiLs and the 

•/' pressure ruej. At a set pressure, the pneumat lc vaLve should open 

to re Lease gaseous oxygen , decreasing the pressure. When the pressure 
/ u sufficiently Low, the vaLve shouLd cLose to prevent excessive 
/ oxygen Loss . 


’/ There are a number of Cai Lures that can be injected to alter the 
7 simulated operation of the system. 


.7 

it The layout of the system is as follows: 

// 

// The high pressure pneumatic tank is filled with an inert gas. The pressure 

it from this tank is regulated down to a working pressure, and is used to 

// provide the force to open/close the pneumatic valve. The temp and pressure 

// at the pneumatic tank are measured, as is the pressure of the regulated 

// pneumatic pressure. 


// 
ft 
// 
/ / 
// 
// 
// 
// 
// 
// 
// 
// 
// 
// 
// 
// 
// 
// 
// 
// 
/ / 


The liquid oxygen tank is connected to the pneumatic valve. When the valve is open, 
gaseous oxygen that has boiled in the tank is vented to the atmosphere. The oxygen 
pressure in front of the valve and the temperature after the valve are sensed. 

Since the gaseous oxygen is extremely cold, the temp sensor should show 
a decreased temperature when oxygen is being vented. 
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# include 
# include 
# include 
# include 
# include 
# include 


" Flow. hcc” 

"Tank. hcc" 

"ActuatingSolenoidValve . hcc" 
" PneumaticValve . hcc" 

" Regulator . hcc" 

"Orifice.hcc" 


# inc 1 ude " LoxTank .hcc" 

# inc 1 ude " Con t ro 1 1 e r . hcc " 
# include "Sensors . hcc r ' 


\ integrat ion__ini t 0.001 


/////////////////////////////////////////////////////// ////////////////// ' / 

// 

// Objects to r pneumatic system 
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t L w i y z 
i (.ways 
\ l ways 
i l ways 
i l ways 
always 
always 


F t Low TFC)2_37Q8 = rnLmew FlowO); 

F low 3V03_RG2L * evaLinew FlowO); 
FLow RG2L_RG02 - eval mew FlowO); 
Flow RG02_3V3l = aval (new FlowO); 
Flow 3V3 L_Out - aval (new FlowO); 
Flow 3V3 l_OFQ l = avail new FlowO); 
Flow OFOl VROl 3 aval (new FlowO); 


always Tank TK0 2 = aval (new Tank (TK02_SV08 , 29.24, 540, 8.47, 0.00832)); 


always Solano IdActuatingOnOf fGasValve SV08 * 

eval (new SolenoidActuatingOnOf fGasValve (TK02_SV08, SV08_RG21, 1) ) ; 


always Regulator RG21 = eval(new Regulator (SV08_RG21 , RG21_RG02, 700)); 

always Regulator RG02 = eval (new Regulator (RG21_RG02 , RG02_SV31, 750)); 

always SolenoidActuating3wayGasValve SV31 * 

eval (new SolenoidActuating3wayGasValve (RG02_SV31 , SV3 l_Out , SV3 l_OF0 1 , 1) ) 


always Orifice OFOl * eval (new Orif ice (SV31_OF01, OF01_VR01, 0.00545, 

0.000341, 1.66, 1.0, 0.0088)); 

always { 

SV31JDut.p * 15; 
if <SV31_0ut . flows ign > 0) { 

SV31_Out.t * 390; 

} 

} 


////////// v////////////////////////////////////////////////////////////// 
// 

if Objectr for LOX tank and vent system 

// 

///////////////////////////////////////////////////////////////////////// 

always Flow InTank = eval (new FlowO); 
always Flow MainOut * eval (new FlowO); 
always Flow I*O2_VR01 » eval (new FlowO); 
always Flow VROljOut * eval (new FlowO); 

always Pneumat icOnOf fGasValve VROl * 

eval (new Pneuma t icOnOf fGasValve (LO 2 _VR01 , VR01_Out, OF01_VR01, 
0.01, 0, 0.065, 2, 0.0705) ); 

// public PneumaticOnOf fGasValve (Flow In, Flow Out, Flow Tankln, 

// interval tank_mass_init , interval defaultState , interval diameter, 

// interval loss_coeff) { 


ilways L xTank L02 = eval (new LoxTank ( InTank, LO2_VR01, MainOut, 21400, 
162.25, 0.0705, 10, 30.56)); 

ilways Controller VIControl = eval (new Controller (SV3 1 , L02)); 
tiways ( 

/ / L02 _VR0 1 . p = 30; 

/ / L02 _VR0 1 . t = 540; 
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0 . ') ; 


/po L. u Ou t . p = 5.S; 7 Pressure at J’5,000 ft 

M,i LnOut . mass rite * 0.0; 


///////////.' ///////////////////////////////////////////////////////////// 

/ y 

// Sensors (Pressure, temperature, microswitches) 

/////// ////////////////////////////////////////////////////////////////// 

// Sensors on the pneumatic system. Supply pressure, regulated pressure, temperature 
always PressureSensor PneumSupP = eval(new PressureSensor (TK02_SV08 , 5 , 0 , 0 . 1) ) ; 
always PressureSensor PneumRegP * eval (new PressureSensor (RG02_SV3 1 , 5 , 0 , 0 , 1 )) ; 
always TemperatureSensor PneumT»eval (new TemperatureSensor (TK02_SV08 , 0,0.2)); 

// Sensors on the LOX vent. Three redundant pressure sensors, plus temp 

always PressureSensor VentPA * eval (new PressureSensor (LO2_VR01, 5, 0, 0.1)); 

always PressureSensor VentPB * eval (new PressureSensor (LO2_VR01, 5, 0, 0.1)); 

always PressureSensor VentPC » eval (new PressureSensor (LO2_VR01, 5, 0, 0.1)); 

always TemperatureSensor VentT*eval (new TemperatureSensor (VR01_Out, 0 , 0 . 2) ) ; 

// Sensor on the pneumatic cut-off. This is usually never closed 

always Mi croswitchOnOff Valve PneumCutPos = eval (new MicroswitchOnOf fValve (SV08 ) ) ; 

// Sensor on the Vent valve 

always Microswitch3wayValve VentPos * eval (new Microswitch3wayValve (SV31) ) ; 


iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiitiiiiiiiiiiiiiiiiiiiiiniiiiiiiiiiiii 

// 

// Variables to sample 

// 

nnnnnnnnninnnniniinnnnninnniinnnnnnnnnnn . 

//Needed for Labview: 

//sample (L02 .p_gox, L02.t_gox) ; 

//Debugging sampling: 

//sample (VROl.PVT.p, L02_VR01.p, LO2_VR01.t, LO2_VR01.mass_rate); 

//sample (L02 .p_gox, L02.t_gox, L02.v_gox, L02.m_gox, L02 .m_boi Irate , L02.t_lox, L02.m_lox, 
L02 . p_sat) ; 


iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiitiiiiniiiii 

u 

// Commands and faults 

// 

iiiiiimiiiiiiiiiiiiiiiiiiiiiiiiiuiiiiiiniiiiiiiiiiiiiiiiiiiniiiii 

//when (time = 100) SV08 . SetClosed ( ) 

//when (time = 110) SV08 . SetOpen () ; 

./hen (time =• 0.01) SV3 1 . SetClosed 0 ; 

//when (time = 170) SV3 1 . SetOpen 0 ; 

//when (time = 230) SV3 1 . SetClosed () ; 

//when (time = 270) SV3 1 . SetOpen 0 ; 

V ManuaL valve open/close commands, to see if 


Page 3 of 4 



■ With maau.i L •; ummundj , cuar Line t>c L'j)00:; - 4 4 ce.il a Lme ; 
W 1 1 h tuLL cont co L Ler , cunt: Line - 3ver -0 nnin 
; i W l r a ^oticcoL i*er without "Done” .state = 56 j 

//when (time = 1300; 3V3 1 . SetOpen ( ) ; 

//when (time * 2340) 3V3 L . SetCLased ( ) ; 

//'when (time = 3 045/ 3 V3 L . SetOpen () ; 

//when (time * 3170; 3V3 1 . SetClosed ( ) ; 

//when (time * 3945/ 3V3 1 . SetOpen ( ) ,* 

//when (time * 4080) SV3 1 . SetClosed () ; 

//when (time =* 4933) SV3 1 . SetOpen () ; 

//when (time * 5081) SV3 1 . SetClosed 0 ; 

//when (time = 6018) SV3 1 . SetOpen () ; 

//when (time = 6180) SV3 1 . SetClosed () ; 

//when (time * 7211) SV31 . SetOpen () ; 

//when (time * 7388) SV3 1 . SetClosed () ; 

//when (time * 8520) SV3 1 . SetOpen 0 ; 

//when (time = 3714) SV3 1 . SetClosed 0 ; 

// Fault injection commands 

//when (time * 1000) RG21 . SetNotRegulating () ; 

//when (time * 1000) RG0 2 . SetNotRegulating () ; 

//when (time » 3000) SV31 .SetStuckOpen(O) ; 

//when (time * 1000) SV31 .SetStuckClosed(O) ; 

//when (time » 1000) VR01 .SetStuckOpen (0) ; 

//when (time =» 3000) VRQ1 . SetStuckClosed (0) ; 

//when (time =* 90) RG12 . SetRegulatingHighO ; 

//when (time =* 90) RG12 , SetRegulatingLow ( ) ; 

//when (time * 90) RG12 . SetNotRegulating () ; 

//when (time * 90) RG12 . SetBlocked ( ) ; 

//when (time » 100) RG12 . ClearFault ( ) ; 
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A< Um yve- r 


Act > i iV i L . hcc 

/ / 1 . ' / / / ■■ / / / / / / / ! ! i / i f ! / / / , ' / / / / / / / / ' / ! i I ! i : ' / ' / / / '■ //// 

# L fade t Ac taut ingVa L*/e_HEADBR 
#de t ine Aetna t LngVa L ve_HEADER 

\ mcdu 1 e " va L ve f au 1 t " 

# include 11 Common. hcc ,f 
It i nc 1 ude " F low . hcc 11 

lllllllillllillllllllilllllllltlllllllllllllltlllllllll 

II Solenoid Valve (Actuating, On-Off, Gas) object 

////////////////////////////////////////////////////// 

class SolenoidActuatingOnOf fGasValve { 

private interval p; 

private interval probClearFault ; 

private boolean StuckOpen, StuckClosed, RemoveFault ; 

public interval state, default_state, junk; 

public void SetOpenO; 
public void SetClosedO ; 

public void SetStuckOpen ( interval probclear) ; 
public void SetStuckClosed ( interval probclear); 
public void ClearFault { ) ; 

public SolenoidActuatingOnOf fGasValve (Flow In, Flow Out, 
interval defaultState) { 

//sample (state, density, mass_flow, StuckOpen); 

//sample (StuckClosed) ; 

storeval ( state , def ault_state) ; 

always { 

default_state :* eval (defaultState) ; 

// This type of valve only passes the flow information 
// through if it's open, and passes p » 0 if it's 
// closed. There isn't any setting of the mass flowrate. 

Out . t := In.t; 

Out . mass_rate = In . mass_rate ; 

unless (StuckClosed) { 
unless (StuckOpen) { 

unless ( (state * 0) | | (In.p = 0) ) { 

Out . p = In.p; 

} else { // ( (state * 0) | | (In.p <= Out.p) || (In.p = 0) ) // 

Out . p * 0 ; 

) 

} 


/* Define the two failure modes for the valve, StuckOpen 
and StuckClosed. As you'd expect, StuckOpen will let 
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m l jriickCL 5:5ed w L l :vr L-r rj^ j.m through. * 
vh’ rrkOperu { 

< m Less ( [n p : 0 ) { 

Out . p ^ En . p ; 

f 

e L se / * ( In . p - 0 ) * / { 

Out .0 = 0; 


if (StuckClosed) { 

Out . p : = 0 ; 

} 

} 

} 

/* Define the access functions to turn the valves on 

and off. Note that there will be a probability of unsticking 
the valve when we try to open and close it. When the valve 
is stuck open, we can't close it, and sending the command 
to open again might free the valve. Also, when the valve 
is stuck closed, we can't open it, and so sending the 
command to close again might free the valve. */ 

public void SetOpenO { 
storeval ( state , 1 ) ; 
if (StuckOpen) { 

interval clear * check_to_clear_fault (probClearFault ) ; 
if (clear « 1) ClearFault ( ) ; 

} 

} 

public void SetClosedO { 
storeval (state, 0) ; 
if (StuckClosed) { 

interval clear * check_to_clear_fault (probClearFault) ? 
if (clear * 1) ClearFault () ; 

} 

} 

/* Define the access functions that allow the user to 

inject faults to the valve. These are mutually exclusive, 
so SetStuckOpen will do nothing if we called a SetStuckClosed 
without clearing it (and vice versa) . */ 

public void SetStuckOpen ( interval probclear) { 
unless (StuckClosed) { 
unless (StuckOpen) { 
do ( 

hence StuckOpen; 

} watching (RemoveFault) ; 
storeval (probClearFault, probclear) ; 


} 

public void SetStuckClosed ( interval probclear) { 
unless (StuckClosed) ( 
unless (StuckOpen) { 
do { 

hence StuckClosed; 

} watching (RemoveFault) ; 

storeval (probClearFault, probclear) ; 
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public voi. i CLearFauLt ( ) { 

Remove FauLt ; 


pub Lie void CreateValveFaul t ( ) { 

interval faulttype, faultprob; 

faulttype * check_for_f aul t (de faul testate f state); 
if ( fault type * 1.0 ) { 

faultprob = get_prob _to_clear ( ) ; 

SetStuckOpen ( faul tprob) ; 

} 

if ( faulecype = 2.0 ) { 

faultprob = get prob to clear ( ) ; 

SetStuckClosed ( faultprob) ; 

} 

} 

} 

iiiiiiiiiniiiiiiiiiiiiiiiiuiiiiiiiiiiiiiiiiiiiiiiiiii 

// Solenoid Valve (Actuating, 3 -way, Gas) object 

////////////////////////////////////////////////////// 

class SolenoidActuating3wayGasValve { 

private interval p; 

private interval probClearFault ; 

private boolean StuckOpen, StuckClosed, RemoveFault; 

public interval state, def ault_state ; 

public void SetOpenO; 
public void SetClosedO; 

public void SetStuckOpen ( interval probclear); 
public void SetStuckClosed (interval probclear); 
public void ClearFault ( ) ; 

public SolenoidActuating3wayGasValve (Flow A, Flow B, Flow C, 
interval def aul tState) ( 

//sample (state, density, mass_flow, StuckOpen); 

//sample (StuckClosed) ; 

storeval (state, def ault_state) ; 

always { 

def ault_state :* eval (def aultState) ; 

// This type of valve only passes the flow information 
* // through A->C if it's open, and passes B<-C if it's 
// closed. 

unless (StuckClosed) ( 
unless (StuckOpen) { 
unless ( state * 0) { 

C.p = A.p; 

C . t = A . t ; 
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: L ;w:3 l jn - A . £ Lows l jn . 

3 . muss _ rate 3 0.0; 

} else f // ( state - 0 )// 

C.p = 3 . p ; 

C . t = 3 . t ; 

C.mas3_rat:e = 8.mass_rate; 

C.flowsLgn - B. flows ign; 

A.mass_rate =* 0.0; 

} 

/•unless ( state - 1) { 

C-p = B.p; 

C . t « 3 . t ; 

C.mass_rate * B.mass_rate; 

C.flowsign * B. flows ign; 

A. mass_rate = 0.0; 

} else { // ( state =1 )// 

C.p - A.p; 

C.t ■ A . t ; 

C.mass_rate =» A.mass_rate; 

C.flowsign * A.flowsign; 

B. mass_rata » 0.0; 

w 

} 

} 

/* Define Che two failure modes for the valve, StuckOpen 
auid StuckClosed. As you'd expect, StuckOpen will let 
gas through regardless of the commanded set value, 
and StuckClosed will not let the gas through. */ 
if (StuckOpen) { 

C. p * A.p; 

C.t * A. t ; 

C.mass_rate = A.mass_rate; 

C.flowsign = A.flowsign; 

B.mass_rate * 0.0; 

} 



if (StuckClosed) { 

C.p * B.p; 

C.t * B.t; 

C.mass_rate =* B.mass_rate; 

C.flowsign =* B.flowsign; 

A.mass_rate » 0.0; 

} 

} 

} 

/* Define the access functions to turn the valves on 

and off. Note that there will be a probability of unsticking 
the valve when we try to open and close it. When the valve 
is stuck open, we can't close it, and sendir ; the command 
to open again might free the valve. Also, Men the valve 
is stuck closed, we can't open it, and so sending the 
command to close again might free the valve. */ 
public void SetOpenO { 
storeval ( state , 1) ; 

if (StuckOpen) { 

interval clear » check_to_clear_f aul t (probClearFaul t ) ; 
if (clear = 1) ClearFaul t ( > ; 
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jtOMVal i state, 0) ; 
if ’'StuckCLosecW I 

interval dear = check_to_clear_fault (probClearFault) ; 
i £ { c Lear - L) _leurFault() ,* 

} 

> 

/* Define the access functions that allow the user to 

inject faults to the valve. These are mutually exclusive, 
so SetStuckOpen will do nothing if we called a SetStuckClosed 
without clearing it (and vice versa) . */ 
public void SetStuckOpen ( interval probclear) { 
unless (StuckClosed) { 
unless (StuckOpen) { 
do { 

hence StuckOpen; 

} watching (RemoveFault ) ; 

storeval (probClearFault , probclear) ; 

} 

} 

} 

public void SetStuckClosed (interval probclear) { 
unless (StuckClosed) { 
unless (StuckOpen) { 
do { 

hence StuckClosed; 

} watching (RemoveFault) ; 

storeval (probClearFault, probclear) ; 

} 

} 

} 

public void ClearFaultO { 

RemoveFaul t ; 

} 

public void CreateValveFault ( ) { 

interval faulttype, faultprob ; 

faulttype = check_for_fault (default_state, state); 
if ( faulttype = 1.0 ) { 

faultprob = getjprob_to_clear(); 

SetStuckOpen (faultprob) ; 

} 

if( faulttype = 2.0 ) { 

faultprob = get_prob_to_clear ( ) ; 

SetStuckClosed (faultprob) ; 

} 


) 

/ 


/♦IT****************************************************** 

CreateValveFault ( ) 

*******»»************************************♦********/ 

/* used to enable the faults for the solenoid valves. Will call 
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it ;iLL; itselc there is i const int ! Low? probub i L l t y that 
t he '/.live will become stuck. This cesuLts lq the valve tuuLts 
.havlhg a geometric probabL i iKy distribution. May non be 
realistic, but the reaL point is to be able to add fauLts 
to the valves in order to test the control software! 

*/ 

/ * 

/ /'CreateValveFaul 1 1 ) , // Uncomment these lines to enable the random faults 

void CreateValveFault ( ) { 

SolenoidOnOf fGasValve X; 

So lenoidSwitchingGas Valve Y; 

// Check for faults in on-off solenoid valves 
forall X in class SolenoidOnOf fGasValve { 

X . CreateValveFault ( ) ; 


// Check for faults in switch solenoid valves. Same code as 
// above, but done for a different valve name, 
forall Y in class SolenoidSwitchingGasValve { 

Y. CreateValveFault ( ) ; 

} 

when(time * eval { time) +1) CreateValveFault () ; 

} 

*/ 


#endif 
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t :v. t-? t: ; jnunon^HEADER 

me- : oinmon_HEADER 

# include ofcoreval . hcc * 

{♦define PC '3.14159 

■^EPSILON le-10 

// Ideal gas constant. 

<1 3.31451 for Pa-m*3/mol -K 

,7 3 . 3 1451e-2 for bar-L/mol-EC 

// 2 . 365e-2 for psi-£t A 3 / mol-R 

{♦define r 2.365e~2 // psi*ft A 3 / mol*R 

#endi £ 
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Adam 


/ Com: f > L r . he - : 


JW »*r5t 


/ .<• • / , / ■ V / . / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / 

g Ufndef Cone co L Le r _HEADER 
^define Cent: ro L Ler_HEADER 


g include " Actuat ingSoleno idValve . hoc" 
g Lncl ude " LoxTank . he c " 

class Controller { 

// There is one issue with the controller - when it contains the 
// "StateFinished” wrapper, to end controlling the valve, after 
// about six valve cycles, hoc begins to run Very slowly in the point 
// phases. We believe that the reason is because the do{} watching 
// statement keeps the other when statements from being removed until 
// "Done" becomes true. I have therefore removed the f, Done ,r state, and 
// will try to implement something else. 

// With manual commands, runtime for 10000s =* 54 realtime s 
// With full controller, runtime * over 20 min 
// With controller without "Done” state = 56 s 


private boolean Done ; 

private SolenoidActuating3wayGasValve Valveln; 
private LoxTank Tankln; 

private void StateClosed (} ; 
private void StateVenting {) ; 
private void StateFinished ( ) ; 

public Controller (SolenoidActuating3wayGasValve V , LoxTank T) { 
always { Valveln « eval 'V) ; Tankln * aval (T) ; } 
do { 

when (time « 1B00) StateVenting () ; 

} watching (Done) ; 

when (time * 10000) StateFinished ( ) ; 

} 

private void StateVenting ( ) { 

Valveln.SetOpenO ; 

when (Tankln. p_gox <= 12.2) StateClosed {) ; 

} 

private void StateClosed ( ) { 

Valveln. SetClosedO ; 

when (Tankln. p_gox >=* 18) StateVenting 0 ; 

} 

private void StateFinish *d ( ) { 

Done ; 

Valveln . Set Closed ( ) ; 

} 

} 


tend! f 
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f> L ::i' !*■ t. 5' Low_HEAOER 
ttc ,J C m-i Ftow_HEADER 

/***+*** + ********* + **+***+*** + + ****** + ********* + ********+*************** 

Flow object 

***********#**********¥*****+****■*'*»***********************************/ 


/* rjsed to connect the different components of the system together. 
Should not think of this so much as the pipes of the system 
as a software gimmick used to transfer flow between the components. 

*/ 

tt inc 1 ude '* Common . hoc " 
class Flow ( 

public interval t, p, mass_rate, mw; 
public inteirval flowsign; 

/♦public Flow ( interval mw_init) { 
storeval(mw, mw_init) ; 

}*/ 

} 

#endif 
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* LoxT-mk ho; A- Imn Sweet 

* - **********/ 

/* FlL^ Chat implements the L OX tank on board Che X-34.*/ 

# i fade f LoxTank ^HEADER 
^define LoxTank HEADER 


% modu 1 e ” c he r mo " 

# include "Common. hcc" 

# include " Flow . hcc" 

class LoxTank { 

public interval v_tank, v_gox, v_lox; 

public interval p_gox, p_ lox; 

public interval m_gox, m_lox, m_boi Irate; 

public interval t_gox, t_lox; 

private interval u_gox, h_gox_in # h_gox_out; 

private interval mw_gox; 

private interval g_gox, q^lox, q_total; 

public interval vapor jpressure, p_sat; 


public LoxTank (Flow Input, 

Flow VentOutput, Flow MainOutput, interval m_loxO, 
interval t_loxO, interval mw_goxO, 
interval area, interval length) { 

// m_loxO ■ Ibm, t_loxO * deg R, mw__goxO = lbm/mol, 

// area * ft x 2, length • ft 

//sample (m_gox, t__gox, v_gox, p_gox, p_sat, t_lox, v_lox, m_boilrate) 

//sample (p_sat, mjooilrate) ; 

/* Set tank initial status */ 

m_lox : * eval (m_loxO ) ; 

t_lox : = eval (t_loxO) ; 

u_gox : * get_o2_u_f rom_T ( t__lox) ; 

//u_gox : = get_o2_u_f rom_T (450) ; 
always {mw_gox := eval (mw_gox0 ) ; 

v_tank : = eval (area*length) ; } 

/* Determine the vapor pressure of the LOX, to determine 
the initial mass of GOX in the tank. */ 

/ / vapor p ressure = -461 . 14 + 10 . 286*t__lox- 0 . 0778*t_lox A 2+0 . 0002* t__lox 3 ; 
m_gox : = (1 . l*p_sat*v_gox*mw_gox) / (r*t_gox) ; 

//m_gox :» 1.54; 

always { 

/* Determine the volume of LOX in the tank. Use that to 
find the volume in the tank for gas. */ 

v 1 ox : * (1/71. 5) *m_lox; //density LOX =71.5 lbm/ft~3 

v_jgox :* v_tank - v_lox; 
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J c> l or ie t t i* : 

//p i.ir 5 1.1 7H V ■) '50*> i _ Lox * ) . 02 4‘5 ) 7 * n _ Lox “ 2 ; 

// 5 th order fit: 

p _aat := 272.9*58 - ) . -5 U45*t_lox * 0 . I 3 9 L*59 * t _ Lox *2 

- 3.431Je-Vr. Lox ' 3 ► 2.9745e-6*t Lox*4 - 3 . 09628e - 9 * t_ Lox* 5 


/‘unless { p _gox < p_sat/ 
m_boil rate : - o ; 

eLse 

m boil rate : - 0 ; */ 


unless ( p_gox < = p_sat) 
m_boilrate := 0; 

else 

m_boi Irate : * VentOutput . massjrate 

+• VentOutput . massjrate* 0 . 5* (p_sat -p_gox) - 0.001; 
//m_boilrate := 0 . 5* (p_sat -p_gox) - 0.001; 


/****♦ conservation of mass for tank ****♦/ 
m_lox' :* -m_boilrate; 

m _g°x' :« m_boilrate * VentOutput .massjrate ; 

/***♦ Conservation of energy for tank ♦****/ 

//91.5 * heat of vaporization of lox 
//0 . 4 * Cp of lox 
q^total :* 9.8; //BTU/s 

//q_ lox :* 0 : .995*CL.total; //v_gox/ (v_gox+v_lox) *q_total ; 
//qLgox :* 5 . Oe-3 *q_total ; //v_lox/ (v_gox+v_lox) *q_total ; 
q_gox :* 1 * 75e~5* (550-t_gox) *q_total ; 
q_lox :* q__total - q_gox; 

t_lox' := (-91.5*m_boilrate + q_lox) / (0 . 4*m_lox) ; 


h_gox_in : = get__o2_h_f rom_T { t_lox) ; 
h_gox_out :* get__o2_h_from_T(t_gox) ; 

u_gox' l/m_gox * (m_boilrate*h_gox_in 

- VentOutput .mass_rate*h_gox_out + q_gox 

- m_gox' *u_gox) ; 

t_gox :« get_o2_T_£ rom_u (u__gox) ; 

//t_gox « t_lox; 


/♦**** Equation of state for gas in tank ****♦★/ 
p^gox :« (m_gox/mw_gox) * r * t_gox / v_gox; 

//p_gox' := (m_gox' /mw_gox) * r * t_gox / v_gox 

//+ (m_gox/mw_gox) * r * t_gox' / v_gox; 

/♦**★** g e t outgoing variables **************/ 

Ven tout put. p » p_gox; 

VentOutput. t » t_gox; 

VentOutput . mw » mw^gox ; 


} 


} // end constructor 
► // end class definition 
frendif 
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di i l l : 1 ii« : J 


/ ' • / / / ' . / / / ' / / / / / / / / / / / / / / ////// / / / / / / /' / / / / / / / / 

#Lfndef Or l f Lee ^HEADER 
^define Orifice HEADER 


‘■^module, "mathlib" 

ft include "Common. hcc" 
ft include " Flow, hoc" 

// orifice equations are taken from Marks' Handbook for Mechanical 
// Engineers, p. 4-21. They use the units: 

// Velocity ■ ft/s 
// Area = ft *2 
// pressure = Ibf / ft A 2 
// temperature * Rankine 
// mass flowrate => Ibm/s 

// Ideal gas constant = (Ibf /f t A 2*f t *3 ) / (Ibm/Rankine) 

// Note that they use the R specific to one gas. 

// I will be converting my R to that value by 

// dividing R by the molecular weight of the gas. (lbm/mol) 

// There is also another constant listed in the equation, gc. This 
// is a dimensional conversion constant from Bernoulli's equation, 
// effectively equal to 

// gc * ( lbm-f t/s A 2 *ft)-./ 2 *Btu * 1/64 . 4* (Ibf -ft/Btu) =12.1 

//I will be adding my own constants into the orifice equation, to 

// convert pressure from psi to lbf/ft*2, etc. 


class Orifice { 

private interval mass^rate; 

private interval Al, A2, k; // A1 * large dia, A2 * small dia, 
private interval C, mw; // k * ratio of specific heats 

// C = discharge coeffecient 
// mw * molecular weight 

private interval terml, term2, num, denom; 
private interval flowsign; 

public Orifice (Flow In, Flow Out, interval areal, interval area2, 
interval kO , interval CO, interval mwO) { 

storeval(Al, eval (areal) ) ; 
storeval (A2 , eval (area2 ) ) ; 
storeval(k, eval(kO)); 
storeval (C, eval (CO)); 
storeval (mw, eval(mwO) ) ; 

//sample ( In . p, In.t, mass_rate, Out.p, Out.t); 
always ( 

In.mass_rate = mass_rate; 

Out . mass_rate = mass^rate; 

In.t » Out . t ; 

In. flowsign * flowsign; 

Out . f lows ign * flows ign ; 
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Cu p • Out . p > || i[n.p -- ). ?iw in nofmal lit 

unLess ! 0.3*Cn.p • Out.p? i 

,// Normal flow 

terml:* ( En . p/Out . p) * ( ( k - 1 ) /k) * ( \ Cn . p/Out . p ) * { ( k- l ) / k 1 - i) ; 

term2 : = ( 2 * 12 . L *k) / ( r/mw* En . t * ( k - L ) > ; 

num : a C*A2 *Qut . p*sqrtPt t terml *term2 ) ; 

denom :» sqrtPtfl - (A2/A1) *2* 'Out .p/In.p) * (2/k) ); 

mass_rate : = num/denom; 

//mass_rate * 0 . 000000 1 *( In . p - Out . p) * In . t ; 

} else { 

// Choked flow 

terml * k * (2/ (k+1) ) A ( (k+1) * (k-1) ) ; 
tarm2 * 12 . 1/ (144*r/mw*In. t) ; 

mass_rate * C*A2* ( 144*In.p) *sqrtPt (terml*term2) ; 

//mass^rate * 0 . 0295 * In . p*sqrtPt { 0 . 0315/In. t ) ; 

//mass_rate * 0.001* (In. p - Out .p) *sqrtPt (1/In. t) ; // Works 
//mass_rate 0.01* (In. p) ; // Doesn't work 

} 

flowsign * 1.0; 

} 

if { (In.p < Out . p) && (In.p !» 0)) { // Flow in opposite dir 

unless (0.5*Out.p > In.p) { 

// Normal flow 

terml:- (Out .p/In.p) * ( (k-1) /k) * ( (Out.p/In.p) A ( (k-1) /k) - 1) ; 

term2 (2*12 . l*k) / (r/mw*Out . t* (k-1) ) ; 

num :« C*A2*In.p*sqrtPt (terml*term2) ; 

denom sqrtPt(l - (A2/A1) ‘2* (In. p/Out .p) * (2/k) ); 

mass_rate := - num/denom; 

//mass_rate = -0 . 0000001* (Out .p - In.p)*Out.t; 

} else { 

// Choked flow 

terml - k * (2/ (k+1) ) A ( (k+1) * (k-1) ) ; 
term2 - 12 . 1/ (144*r/mw*Out.t) ; 

mass_rate = -C*A2* (144*Out .p) *sqrtPt (terml*term2) ; 
//mass_rate = - 0 . 0295*Out .p*sqrtPt (0 .0315/Out . t) ; 

//mass_rate - -0 . 001* (Out .p - In.p) *sqrtPt (1/Out . t) ; //Works 
//mass_rate := -0 . 01* (Out .p) ; // Doesn't work 

} 

flowsign = -1.0; 

} 

if (In.p * 0) { 

mass_rate » 0.0; 
flowsign * 1.0; 

} 

} 

} 

\ 


fendif 
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/ Pneumat icVa l*/e - ho: 

/, 7 //////, ///////////// /////////////// ///////////// 

# 1 fade f Pneumat LcVa ive^HEADER 
(♦define Pneumat icVal'/e HEADER 


tfincLude "Common. hoc” 
ttincLude " Flow.hcc" 

%module "mathl ib" 

% modu 1 e "the rmo " 


class Pneumat icValveTank { 

public interval mass, v, p, t, mw_gas; 
public interval input_enthalpy ; 

public interval heat_flow; 
private interval £lowsign_in; 

public Pneumat icValveTank (Flow In, interval mO, 

interval to, interval vO, interval mw_ gasO) { 
mass :* eval(mO); 
t ; * aval (tO) ; 

always { v:*eval(vO); mw_gas * aval (mw_gasO) ; } 
always { 

input_enthalpy * get_he_h_from_T (t) ; 
heat_£low » 0.0; 
flowsign_in * In. flows ign; 

/* Mass balance * 
mass' :* In .mass^ate ; 

/* Equation of state, used to determine overall pressure. */ 
p (mass / mw_gas)*r*t / v; 

/* Energy balance */ 

t' :=* ( 1/ ( 13 . 2 + 3.125*mass) ) * (In.mass_rate*input_enthalpy 

- heat_flow ) ; 

/* Energy balance based on internal energy */ 

/*u' = 1/m * ( Input .mass_rate*input_enthalpy 

- HeatOutput . heat_f low - m' *u) , 
t * get_he_T_f rom_u(u) */ 

/+ Send pressure out to adjoining flows*/ 

In.p := p; 

unless ( f lowsig- ._in > 0) { 

I n . t = t ; 

} 


} 


} 


} 
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private interval, p, sqrt_term; 
private interval pcobClearFaul t ; 

private boolean StuckOpen, StuckClosed, RemoveFault; 

private interval state, default_state; 

public Pneumat icValveTank PVT; 

public void SetOpenO; 
public void SetClosedO; 

public void SetStuckOpen ( interval probclear); 
public void SetStuckClosed ( interval probclear); 
public void ClearFaultO ; 

public Pneumat icOnOf fGasValve ( Flow In, Flow Out, Flow Tankln, 

interval tank_mass_init , interval defaultState, interval diameter, 
interval loss_coeff, interval mwO) { 

//sample {state, p__in, tjLn, density, mass_flow) ; 

//storeval (state, defaul testate) ; 
storeval (mw, mwO) ; 

always PVT * eval (new Pneumat icValveTank (Tankln, tank_mass_init , 
540, 0.04, 0.00882)) ; 


always { 

def ault__state : » eval (defaultState) ; 
dia := eval (diameter) ; 
kl := eval (loss coeff ) ; 


unless (PVT.p >= 410) { 

state * 0; 

} else { 

state = 1; 

} 

/* We are assuming that the flow only goes in one 

direction through the valve. If the output pressure is 
greater than the input pressure, set the density to 0, 
to indicate no reverse flow through the valve. */ 

/* Define the normal mode of operation for the valve. It can 
open and close, and the mass flowrate through the valve 
depends on the geometry (Kl) and the pressure difference on both 
sides . 

Note that state indicates the state of the valve. 

Valve open: state = 1 

Valve closed: state * 0 

This flag is used throughout the code. */ 

/* The mass flowrate is sent up to the tank ahead of the 
valve. It is always a positive number. */ 

In. mass rate := mass flow; 
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p _ L n = C a . p ; 
t La 5 Cat; 




density := (la.p * mw.i / (r*En.t); // Units: Lbm/ft'3 // 

p : = [a . p - Oat . p ; 

/ /Out . t : * En . t ; 

unless (StuckClosed) { 
unless (StuckOpen) ( 

unless ( (state = 0) || (In.p <- Out.p) || (In.p * 0) ) { 

3 qrt_term := sqrtPt( 2* (In.p - Out .p) *4636 . 8/ (density*kl ) ) ; 
volume_f low (1/4) * PI * dia A 2 * sqrt^term; 
massif low :* volume_flow * density; 

Out . t := In.t; 

} else { // ( (stace = 0) || (In.p <= Out.p) || (In.p =0) )// 

sqrt_term =» 0,0; 
volume_flow : = 0.0; 
massif low ; « 0.0; 

Out . t » 400; 

} 

} 

} 

/* Define the two failure modes for the valve, StuckOpen 
and StuckClosed. As you'd expect, StuckOpen will let 
gas through regardless of the commanded set value, 
and StuckClosed will not let the gas through. */ 
if (StuckOpen) { 

unless ( (In.p <= Out.p) || (In.p * 0) ) { 

sqrtj:erm sqrtPt ( 2*(In.p - Out .p) *4636 .8/ (density*kl) ) ; 
volume_f low ;=* (1/4) * PI * dia A 2 * sqrt_term; 
mass_flow :=* volume_flow * density; 

Out.t :» In.t; 

else /* ( (In.p <= Out.p) || (In.p =* 0) ) */ { 
massif low :* 0; 

Out.t » 400; 

} 

} 


if (StuckClosed) { 
massif low : = 0; 

Out.t * 400; 

} 

} 

} 

/* Define the access functions to turn the valves on 

and off. Note that there will be a probability of unsticking 
the valve when we try to open and close it. When the valve 
is stu k open, we can't close it, and sending the command 
to op€ l again might free the valve. Also, when the valve 
is stuck closed, we can't open it, and so sending the 
command to close again might free the valve. */ 
public void SetOpenO { 
storeval (state, 1) ; 
if (StuckOpen) { 

interval clear = check_to_clear_f aul t (probClearFault ) ; 
if (clear * 1) ClearFault ( ) ; 
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pub Li*: void SetClosedU ( 

JCOMVJ L (state , 0 ) ; 

Lt (StuckClosed) { 

interval dear * check_to_c iear_fault (probClearFaui t / ; 
it (clear = 1) ClearFault () ; 


} 

/* Define the access functions that allow the user to 

inject faults to the valve. These are mutually exclusive, 
so SetStuckOpen will do nothing if we called a SetStuckClosed 
without clearing it (and vice versa) . */ 

public void SetStuckOpen ( interval probclear) { 
unless (StuckClosed) { 
unless (StuckOpen) { 
do { 

hence StuckOpen; 

} watching (RemoveFault) ; 
storeval (probClearFault , probclear) ; 

} 

} 

} 

public void SetStuckClosed (interval probclear) { 
unless (StuckClosed) { 
unless (StuckOpen) { 
do { 

hence StuckClosed; 

} t watching (RemoveFault) ; 
storeval (probClearFault, probclear) ; 

} 

} 

} 

public void ClearFault 0 { 

RemoveFault ; 

} 

public void CreateValveFault ( ) { 

interval fault type, faultprob; 

faulttype - check_for_fault (defaul testate, state); 
if ( faulttype - 1.0 ) { 

faultprob » get_prob_to_clear(); 

SetStuckOpen (faultprob) ; 

} 


if( faulttype * 2.0 ) { 

faultprob * get_prob_to_clear(); 
SetStuckClosed (faultprob) ; 

} 

} 


endif 
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Regi i L iKji. . tv: 

/ ■ •• / / / / / / , / / / / ' / / / , / / ; ' ' / / ; / / . / / / / ////////// / / / / mu nun / / 

ft L tndef Regu 1 a t o r _HEAD ER 
#de£ Lae Regu Lie o c _H EAD E R 

# mclude <storeval . hcc> 

# include " Flow. hcc" 

class Regulator { 

private interval setpoint, p_in; 

private boolean RegHigh, RegLow, Blocked, UnRegulated, RemoveFault; 

public void SetRegulat ingHigh ( ) ; 
public void SetRegulatingLow { ) ; 
public void SetNotRegulating ( ) ; 
public void SetBlocked ( ) ; 
public void ClearFault ( ) ; 

private interval Min (interval a, interval b) ; 

public Regulator (Flow Input, Flow Output, interval setpoint_init ) { 

storeval (setpoint, eval (setpoint_init) ) ; 

//sample (UnRegulated, p_in) ; 
always { 

p_in =* Input. p; 

unless (RegHigh | | RegLow j | UnRegulated | | Blocked ) { 
Output. p Min (Input .p, setpoint); 

} 

if (RegHigh) ( 

Output. p := Mindnput.p, setpoint*l . 5 ) ; 

} 

if (RegLow) { 

Output. p :* Min ( Input. p, setpoint/1.5); 

} 

if (UnRegulated) { 

Output. p :=* Input. p; 

} 

if (Blocked) { 

Output . p : = 0.0; 


Output . t = Input . t ; 

Output . mass^rate * Input . mass_rate ; 

} 


public void SetRegulat ingHigh ( ) { 

unless (RegLow | | UnRegulated | | Blocked) { 
do { 

always RegHigh; 

} watching (RemoveFault) ; 
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*■ public '/Old SeCRegui at mgLow ( ) { 

unless (RegHigh | | UnRegulated | | Blocked) { 
do { 

always RegLow; 

} watching ( Remove Paul c ) ; 

} 

} 

public void SetNotRegulat ing ( ) { 

unless (RegHigh | j RegLow | | Blocked) { 
do { 

always UnRegulated; 

} watching (RemoveFault) ; 


} 

} 

public void SetBlockedO { 

unless (RegHigh | | RegLow | | UnRegulated) { 
do { 

always Blocked; 

} watching (RemoveFault) ; 

} 

} 

public void ClearFaultO { 

RemoveFault ; 

} 

pri’ tte interval Min (interval a, interval b) { 

unless ( a > b ) { 
return * a; 

} else { 

return * b; 

} 


} 


fendif 
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7/ U/ )') 


/ ) r i he ; 

/'•/,., // . 7 / /// ■'/////////. //////// / / / / // // /////////////////////// 

# L f nde C* Sensors_HEADER 
Jtdef Lae Sensor 3 _HEADER 

^module "mathl ib" 

# include otoreval . hcc> 

# include "Flow. hcc" 

# include M Actuat ingSolenoidValve . hcc" 

# include "LoxTank .hcc" 

///////////////////////////////////////////////////// 

// Pressure sensor. 

////////////////////////////////////////////////////// 

// Reports the pressure of the input flow // 
class PressureSensor { 

private interval p; 
private interval pmax; 
private interval mean, stdev; 

private boolean Unpowered; 
private boolean Shorted; 
private boolean RemoveFault; 

public void SetUnpowered ( ) ; 
public void SetShorted ( ) ; 
public void ClearFault { ) ; 

public PressureSensor {Flow Input, interval maxoutput, 

interval noise_mean, interval noise_standv rd — dev) { 
storeval (pmax, maxoutput) ; 
storeval (mean, noise_mean) ; 
storeval (stdev, noise_standard__dev) ; 

sample (p) ; 

always { 

unless (Unpowered) { 
unless (Shorted) { 

p Input. p + gaussian (mean, stdev); 

} 

} 


if (Unpowered) 

{ p := 0 + gaussian (mean, stdev); } 
if (Shorted) 

{p : a pmax + gaussian (mean, stdev); } 


} 


} // end PressureSensor constructor 

public void SetUnpowered { ) { 

unless (Unpowered) { 
unless (Shorted) ( 
do { 
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unt l L ' Remove? mLri 


end SetfJnpoweced 


public void SetShorted ( ) { 

unless (tfnpowered) { 
unless (Shorted) { 
do { 

hence Shorted; 

} until (RemoveFault); 

} 

} 

} // end SetShorted 

public void ClearFaultO { 
RemoveFault ; 

} // end ClearFault 


} 



.?s.ws 


/////////////////////////////////////////////////// 

// Temperature sensor. 

lllllllllllllltlll/IIIIIIIIIIIIIIIIIIIIIIUUIIIIIIIII 

f / Reports the temperature of the input Flow // 

:lass TemperatureSensor { 

private interval t; 
private interval mean, stdev; 

private boolean Broken; 
private boolean RemoveFault; 

public void SetBrokenO; 
public void ClearFaultO ; 

public TemperatureSensor (Flow Input, interval noise_mean, 

interval noise_standard_dev) { 

storeval (mean, eval (noise_mean) ) ; 
storeval (stdev, eval (noise_standard_dev) ) ; 

sample (t) ; 

always { 

unless (Broken) 

t Input . t + gaussian (mean, stdev); 
if (Broken) 

t : =» 0.0 + gaussian (mean, stdev); 

} 

} 

public void SetBrokenO { 
unless (Broken) { 
do ( 

hence Broken; 

} until (RemoveFault) ; 

} 
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pi ib L l : v'jj. 1 C LearF iuL t ) { 

RemoveFauLt ; 

* J // end CLearFuuLt 

} / end Temperature Sensor class 

/ '// / '*/ /////// / /////////////////////////////////// 

// Mxcroswitches 

fiii/iiiiiiiiiiiiniiiiiiiiiiiiiiiiiiiiiiiiiiiiiii 

// Reports the open/closed status of a valve // 
class MicroswitchOnOff Valve { 

private interval state; 

private boolean StuckOn; 
private boolean StuckOff; 
private boolean RemoveFault; 

public void SetStuckOnO ; 
public void SetStuckOf f ( ) ; 
public void ClearFault ( ) ; 

public MicroswitchOnOff Valve (SolenoidActuatingOrxOf fGasValve V) { 
sample (state) ; 
always { 

unless (StuckOn) { 
unless (StuckOff) { 
state := V. state; 

} 

} 

if (StuckOn) { 
state := 1; 

} 

if (StuckOff) { 

State := 0; 

} 

} 

} 

public void SetStuckOnO { 
unless (StuckOff) { 
do { 

hence StuckOn; 

} until (RemoveFault) ; 

} 

} // end SetStuckOn 

public void SetStuckOf f ( ) { 

unless (StuckOn) { 
do { 

hence StuckOff; 

} until (RemoveFault) ; 

( 

} // end SetStuckOff 

public void ClearFault () { 

RemoveFault ; 

} // end ClearFault 
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private mterval state; 

private boolean StuckOn; 
private boolean StuckOff; 
private boolean RemoveFault; 

public void SetStuckOnO ; 
public void SetStuckOf f () ; 
public void ClearFault ( ) ; 

public Microswitch3wayValve ( So lenoidActuating3wayGas Valve V) { 
sample (state) ; 
always { 

unless (StuckOn) { 
unless (StuckOff) { 
state :* V. state; 

} 

} 

if (StuckOn) { 
state 1 ; 

} 

if (StuckOff) { 
state 0; 

} 

} 

} 

public void SetStuckOnO { 
unless (StuckOff) { 
do { 

hence StuckOn; 

} until (RemoveFault) ; 

} 

} // end SetStuckOn 

public void SetStuckOf f ( ) { 

unless (StuckOn) { 
do { 

hence StuckOff; 

} until (RemoveFault) ; 

} 

} // end SetStuckOff 

public void ClearFaultO { 

RemoveFault ; 

} // end ClearFault 


////////////////////////////////////////////////// 

/ LOXTemperature sensor. 

///////////////////////////////////////////////////// 

/ Reports the temperature of the liquid 02 in the input LOX tank // 
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private inter/ii t; 

> private interval mean, 3 tdev; 

private boolean Broken; 
private boolean RemoveFault ; 

public void SetBrokenO; 
public void ClearFaul t () ; 

public LOXTemperatureSensor (LoxTank Input, interval noise_mean, 

interval noise_standard_dev) { 

// Arguments: Integer for sample order, input flow // 

storeval (mean, eval (noise_mean) ) ,\ 
storeval (stdev, eval (noise_standard_dev) ) ; 
sample (t) ; 

always { 

unless (Broken) 

t Input. t_lox + gauss ian (mean, stdev); 
if (Broken) 

t :* 0.0 + gauss ian (mean, stdev); 

} 

} 

public void SetBrokenO { 
unless (Broken) { 
do { 

hence Broken; 

} until (Remove Fault) ; 

} 

} // end SetBroken 

public void ClearFaultO { 

RemoveFault ; 

} // end ClearFaul t 

} // end LOXTemperature Sensor class 

tfendif 
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Tank . he-: 


. ' / /• , / / / ' / ///// / / / / / / / / / / / / / /• / / / / ! / ////// / / / i / ' 

t cade t" Tank_HEADER 
^define Tank HEADER 



# inc Lude 11 Common . hoc " 

# include "Flow . hcc " 

^module "thermo" 

class Tank { 

public interval mass, v, p # t, mw_gas; 
public interval input_enthalpy ; 

public interval heat^flow; 

public Tank (Flow Out, interval mO , 

interval to, interval vO, interval mw_gasO) { 
mass : * eval (mO) ; 
t : * eval (tO) ; 

always { v: *eval (vO) ; mw_gas = eval (mw_gasO) ; } 
always { 

heat_£low * 0; 

input_enthalpy » get JaeJi^fromJT (t) ; 

// Mass balance 

mass' :» -Out .mass_rate; 

// Equation of state, used to determine overall pressure, 
p :* (mass / mw_gas) *r*t / v; 

// Energy balance 

t' := (1/(13. 2 + 3 . 125*mass) ) * ( -Out . mass_rate*input_enthalpy 

- heat_flow) ; 

// Energy balance based on internal energy 
/*u' * 1/m * (Input .mass_rate*input_enthalpy 
- HeatOutput . heat_f low - m' *u) , 
t * get_he_T_f rom_u(u) */ 

// Send pressure out to adjoining flows 
Out . p : = p ; 

Out . t : = t ; 


} 


} 


} 


#endi f 
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it •: t :i« V i L v.«_HEADEP 

7alveJ{EADEP 

'fcmodu Le "mar. hi Lb” 
i module ” va L ve £ iti L t ” 

$ include "Common. hoc” 

# include "Flow . hcc” 

^t*% i #*'#*’#*»* , ^*'»'* , **'** r ****** i,r ***'** f,ri * f4r '* i,r *** f<lp#i,r *' # *' # *’** , '*’ <r **'* f * 

Solenoid Valve (0n-0££, Gas) object 

ir#****************************************/ 


class SolenoidOnOf fGasValve { 

private interval dia, kl, density, p_in, t_in; 
private interval volume_£low, mass_flow; 
private interval p , sqrt_term; 
private interval probClearFault ; 

private boolean StuckOpen, StuckClosed, RemoveFault; 

private interval state, defaul testate ; 

public void SetOpenO; 
public void SetClosedO ; 

public void SetStuckOpen ( interval probclear); 
public void SetStuckClosed (interval probclear); 
public void ClearFault { ) ; 

public SolenoidOnOf fGasValve (Flow In, Flow Out, 

interval defaultState, interval diameter, interval loss_coeff) { 

//sample (state, density, mass_flow, StuckOpen); 

storeval (state, defaul testate) ; 

always { 

defaul testate : = eval (defaultState) ; 
dia :=« eval (diameter) ; 
kl := evaKloss coeff ) ; 


/* We are assuming that the flow only goes in one 

direction through the valve. If the output pressure is 
greater than the input pressure, set the density to 0, 
to indicate no reverse flow through the valve. */ 

/* Define the normal mode of operation for the valve. It can 
open and close, and the mass flowrate through the valve 
depends on the geometry (Kl) and the pressure difference on both 
sides . 

Note that state indicates the state of the valve. 

Valve open: state = 1 

Valve closed: state » 0 

This flag is used throughout the code. */ 

/* The molar flowrate is sent up to the tank ahead of the 

valve. It is always a positive number. The upstream tank 
then determines the mole fraction of the flow, and sends 
that result to the valve to be passed on down the system. */ 
In.mass_rate = mass_£low; 

Out. mass rate = mass flow; 
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p _ i rt - Cap, 

K _ L a 3 l a . tl ; 

density : . < (n.p * tn.mw* < r * Crt. n ) * 1000; /* Set Co kg/m* 3* 

p : = Cn . p - Out . p ; 

Out . t : * Ca . t ; 

unless ( StuckClosed) { 
unless (StuckOpen) { 

unless ( (state = 0) | | (In.p <= Out.p) || (In.p = 0) ) { 

sqrt_term : = sqrtPt ( 2MIn.p - Out . p) *1 . OeS/ (dens ity*kl) ); 
volume_f low (1/4) * PI * dia'2 * sqrt_term; 

massif low : ^ volume^flow * density; 

} else { // ( (state => 0) | | (In.p <= Out.p) || (In.p = 0) ) // 

sqrt_term * 0,0; 
volume_flow :* 0.0; 
mass_£low : * 0.0; 

} 

} 

} 

/* Define the two failure modes for the valve, StuckOpen 
and StuckClosed. As you'd expect, StuckOpen will let 
gas through regardless of the commanded set value, 
and StuckClosed will not let the gas through. */ 
if (StuckOpen) { 

unless (. (In.p <= Out.p) | | (In.p * 0) ) { 

sqrt_term :« sqrtPt ( 2*(In.p - Out .p) *1 . 0e5/ (density*kl> ) ; 
volume_f low :=• (1/4) * PI * dia*2 * sqrt_term; 

mass_flow := volume_flow * density; 

else /*( (In.p <= Out.p) || (In.p - 0) ) */ { 
mass_flow :■ 0; 

} 

} 


if (StuckClosed) { 
mass_flow 0; 

} 

} 

} 

/* Define the access functions to turn the valves on 

and off. Note that there will be a probability of unsticking 
the valve when we try to open and close it . When the valve 
is stuck open, we can't close it, and sending the command 
to open again might free the valve. Also, when the valve 
is stuck closed, we can't open it, and so sending the 
command to close again might free the valve. */ 
public void SetOpenO { 
storeval (state, 1); 
if (StuckOpen) { 

interval clear = check_to_clear_fault (probClearFault) ,- 
if (clear = 1) ClearFault ( ) ; 

} 


public void SetClosedO { 
3 toreval ( state , 0) ; 

if (StuckClosed) { 
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:LrMrFAuU i ) ; 


/* Define the access functions that allow the user to 

inject fauLts to the valve. These are mutual ly exclusive, 
so SetotuckOpen will do nothing if we called a SetStuckClosed 
without clearing it (and vice versa) . * I 

public void SetotuckOpen ( interval probclear) { 
unless (StuckClosed) { 
unless (StuckOpen) { 
do { 

hence StuckOpen; 

} watching (RemoveFault) ; 

storeval (probClearFaul t , probclear) ; 

} 

} 

} 

public void SetStuckClosed (interval probclear) { 
unless (StuckClosed) { 
unless (StuckOpen) { 
do { 

hence StuckClosed; 

} watching (RemoveFault) ; 
storeval (probClearFault, probclear) ; 

} 

} 

} 

public void ClearFaultO { 

RemoveFault ; 

} 

public void C ^ateValveFault ( ) { 

interval -aulttype, faultprob; 

f aulttype * check_for_fault (defaul testate, state); 
if ( faulttype » 1.0 ) { 

faultprob ■ get_prob_to_clear ( ) ; 

SetStuckOpen ( faultprob) ; 

} 

iff faulttype * 2.0 ) { 

faultprob * getprob to clear (); 

SetStuckClosed (faultprob) ; 

} 


} 


/♦♦IT**************************************************** 

Solenoid Valvr» (Switching, Gas) object 
*************** *****♦*********************************/ 

class SolenoidSwitchingGasValve { 

private interval state, default_state; 
private boolean StuckA, StuckB, RemoveFault; 
private interval probClearFault; 

public void SetAO; 
public void SetBO; 

Page 3 of 7 



punli, : Y'>i.i ; r ■ wir~?rvtL pr .'be L~m r > . 
pub It: vo i i 1 r Loo r F .iu L t • ; 

pubLLo Soleno l>1owlc chm'jGaoVal ve { Flow En, Flow OutA, Flow OutB, 
interval defaultotate) { 
always default_si :ate = eval (defaultstate) ; 
storeval ( 3 cat a , default state) 



always ( 

/* We are assuming that the flow only goes in one 

direction through the valve. If the output pressure is 
greater than the input pressure, set the density to 0, 
to indicate no reverse flow through the valve. */ 

/* Define the normal mode of operation for the valve. It can 
open and close, and the mass flowrate through the valve 
depends on the geometry <Kl) and the pressure difference on both 
sides . 

Note that state indicates the state of the valve. 

Valve output to A: state ■ 0 

Valve output to B: state * 1 

This flag is used throughout the code. */ 

/* The molar flowrate is sent up to the tank ahead of the 

valve. It is always a positive number. The upstream tank 
then determines the mole fraction of the flow, and sends 
that result to the valve to be passed on down the system. */ 

unless (StuckA) { 
unless (StuckB) { 

unless (state * 1) { 

OutA.p * In.p; 

Out A . t * In.t; 

In.mass_rate * OutA.mass_rate ; 

Out B . p * 0.0; 

OutB.t = In.t; 

} else /* state=l */ { 

OutB.p » In.p; 

OutB.t = In.t; 

In.mass_rate = OutB . mass_rate ; 

OutA . p » 0.0; 

OutA.t = In.t; 

} 

} 

} 

/* Define the two failure modes for the valve, StuckA 
and StuckB. As you'd expect, StuckA will let 
gas through A regardless of the commanded set value, 
and likewise for StuckB. */ 

if (StuckA) { 

OutA.p =* In.p; 

OutA.t - In.t; 

In.mass_rate * OutA .mass_rate ; 

OutB.p = 0.0; 

OutB.t = In.t; 

} 

if (StuckB) { 

OutB.p = r n . p ; 
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1 


Cu . _r i n =• OutB Jnajj _ c ir -? . 

Our A . p = ; 

OutA.t ^ Cn.t; 


/ * Define the -access functions to turn the valves on 

and off. Note that there will be a probability of unsticking 
the valve when we try to open and close it. When the valve 
is stuck open, we can' t close it, and sending the command 
to open again might free the valve. Also, when the valve 
is stuck closed, we can't open it, and so sending the 
command to close again might free the valve. */ 
public void SetAO { 
interval clear; 
storeval (state, 0) ; 
if (StuckA) { 

clear » check_to_clear_f ault (probClearFault ) ; 
if (clear = 1) RemoveFault; 

} 

} 

public void SetBO { 
interval clear; 
storeval (state, 1) ; 
if(StuckB) { 

clear » check_to_clear_fault (probClearFault ) ; 
if (clear » 1) RemoveFault; 

} 

} 

/* Define the access functions that allow the user to 

ir ect faults to the valve. These are mutually exclusive, 
s ... SetStuckOpen will do nothing if we called a SetStuckClosed 
without clearing it (and vice versa) . */ 
public void SetStuckA ( interval probclear) { 
unless (StuckB) { 
unless (StuckA) { 
do { 

hence StuckA; 

} until (RemoveFault) ; 

storeval (probClearFault, probclear) ; 

} 

} 

} 

public void SetStuckB (interval probclear) { 
unless (StuckB) { 
unless (StuckA) { 
do { 

hence StuckB; 

} until (RemoveFault) ; 

storeval (probClearFault, probclear) ; 

V 

i 

} 

} 

public void ClearFaultO { 

Remove Faul t ; 
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pubLj.- 't'i L-i mLr i , j 

• iinr-ir/U t unit type, CauLtprob; 

!; mlr/.vpe - check_£ o r _ f ia L t (de t au L t_s tate , state); 

l t \ tauLttype - L . 0 ) f 

faultpcob = get_prob_to_clear ( ) ; 

3et3tuckA ( Eaultprob) ; 

i 

I 

ifi Eaulctype = 2.0 ) { 

Caultprob * gee_prob_to_clear ( ) ; 

SetStuckB ( Eaulcprob) ; 

} 

} 

} 

/fc^****************************************************** 

CreateValveFaul t ( ) 

IT*#***************************************************/ 

/* Used to enable the faults for the solenoid valves. Will call 
itself iteratively every n simulation seconds, and each time 
it calls itself there is a constant (low) probability that 
the valve will become stuck. This results in the valve faults 
having a geometric probability distribution. May not be 
realistic, but the real point is to be able to add faults 
to the valves in order to test the control software 1 

*/ 


//CreateValveFault ( ) , // Uncomment these lines to enable the random faults 

t/oid CreateValveFault ( ) { 

SolenoidOnOf fGasValve X; 

SolenoidSwitchingGasValve Y; 

/* check for faults in on-off solenoid valves */ 
forall X in class SolenoidOnOf fGasValve { 

X . CreateValveFault ( ) ; 

} 

/* Check for faults in switch solenoid valves. Same code as 
above, but done for a different valve name. */ 
forall Y in class SolenoidSwitchingGasValve { 

Y. CreateValveFault () ; 

} 


when(time * eval (time) +1 ) CreateValveFault () ; 


******************************************************* 

Check Valve (Gas) object 

♦•★*#*************************************************/ 


lass CheckGasValve { 

private interval dia, kl , density, volume_flow, massif low, p; 
public CheckGasValve { Flow In, Flow Out, 

interval diameter, interval loss_coeff> { 
always dia=eval (diameter) ; 
always kl =eval { loss_coef f ) ; 

/* A check valve is designed to only allow fluid to 

travel in one direction. rf the output pressure is 
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■*qu.iL to ). The dieok vilve:j don't have C inlkJ 1 

that they won't tail. * 

¥ 

When the output pressure Is Less than the input pressure, 
the mass flowrate through the valve depends on the 
geometry f Ki; and the pressure difference on both 
sides. */ 

/* The valve plays the following role in the sim. Essentially, 

it looks at the pressure difference and determines the flowrate 
through that branch of the system. The pressure on 
either side of the valve must be defined by other simulation 
objects, usually tanks. If the input pressure is greater than 
the output pressure, the valve then uses the pressure 
difference and the characteristics of the input tank to determine 
the mass flowrate through the valve. If the output pressure 
is greater than the input pressure, the flowrate is set to 0. 

This mass flowrate number is then sent to both the upstream and 
the downstream objects, for use in mass (molar) balance equations. 

If the input pressure is 0, that is the signal that there 
is no flow to go through the system (an upstream valve is off) . 

The outgoing molar flowrate is then set to 0. This signal is 
really only used with the valves connected to flow controllers. */ 

always { 

density (In.p * In.mw) / (r*In.t) * 1000; /* Set to kg/m A 3*/ 

p :* In.p - Out . p ; 

unless ( (In.p <» Out.p) || (In.p ■ 0.0) ) { 
volume_flow » (1/4) * PI * dia A 2 

♦sqrtPt (2* (In.p - Out .p) *1 . 0e5/ (density*kl) ); 
mass_flow * ( In .p*volume_f low*1000) / (r*In.t); 

} 

if ( (In.p Out.p) || (In.p * 0.0) ) { 

massif low ■ 0,0; 

} 

Out . t - In.t; 

In.mass_rate * mass_flow; 

Out . mass_rate » mass_flow; 

} 

} 

} 

ttendif 
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